[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-267-gdf013c9
by Werner Koch
cvs at cvs.gnupg.org
Tue Sep 24 15:16:14 CEST 2013
The branch, master has been updated
via df013c9820709421ef9550158ac5df0060d73379 (commit)
from d5f91466695c5736f441c9bf1998436184a4bf61 (commit)
- Log -----------------------------------------------------------------
commit df013c9820709421ef9550158ac5df0060d73379
Author: Werner Koch <wk at gnupg.org>
Date: Sat Sep 7 10:06:46 2013 +0200
ecc: Allow the use of an uncompressed public key.
* cipher/ecc.c (eddsa_encodepoint): Factor most code out to ...
(eddsa_encode_x_y): new function.
(eddsa_decodepoint): Allow use of an uncompressed public key.
* tests/t-ed25519.c (N_TESTS): Adjust.
* tests/t-ed25519.inp: Add test 1025.
diff --git a/cipher/ecc.c b/cipher/ecc.c
index d31b4be..82d5bba 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -606,24 +606,17 @@ eddsa_encodempi (gcry_mpi_t mpi, unsigned int minlen,
}
-/* Encode POINT using the EdDSA scheme. X and Y are scratch variables
- supplied by the caller and CTX is the usual context. MINLEN is the
- required length in bytes for the result. On success 0 is returned
- an a malloced buffer with the encoded point is stored at R_BUFFER;
- the length of this buffer is stored at R_BUFLEN. */
+/* Encode (X,Y) using the EdDSA scheme. MINLEN is the required length
+ in bytes for the result. On success 0 is returned and a malloced
+ buffer with the encoded point is stored at R_BUFFER; the length of
+ this buffer is stored at R_BUFLEN. */
static gpg_err_code_t
-eddsa_encodepoint (mpi_point_t point, unsigned int minlen, mpi_ec_t ctx,
- gcry_mpi_t x, gcry_mpi_t y,
- unsigned char **r_buffer, unsigned int *r_buflen)
+eddsa_encode_x_y (gcry_mpi_t x, gcry_mpi_t y, unsigned int minlen,
+ unsigned char **r_buffer, unsigned int *r_buflen)
{
unsigned char *rawmpi;
unsigned int rawmpilen;
- if (_gcry_mpi_ec_get_affine (x, y, point, ctx))
- {
- log_error ("eddsa_encodepoint: Failed to get affine coordinates\n");
- return GPG_ERR_INTERNAL;
- }
rawmpi = _gcry_mpi_get_buffer (y, minlen, &rawmpilen, NULL);
if (!rawmpi)
return gpg_err_code_from_syserror ();
@@ -635,12 +628,30 @@ eddsa_encodepoint (mpi_point_t point, unsigned int minlen, mpi_ec_t ctx,
return 0;
}
+/* Encode POINT using the EdDSA scheme. X and Y are scratch variables
+ supplied by the caller and CTX is the usual context. MINLEN is the
+ required length in bytes for the result. On success 0 is returned
+ and a malloced buffer with the encoded point is stored at R_BUFFER;
+ the length of this buffer is stored at R_BUFLEN. */
+static gpg_err_code_t
+eddsa_encodepoint (mpi_point_t point, unsigned int minlen, mpi_ec_t ctx,
+ gcry_mpi_t x, gcry_mpi_t y,
+ unsigned char **r_buffer, unsigned int *r_buflen)
+{
+ if (_gcry_mpi_ec_get_affine (x, y, point, ctx))
+ {
+ log_error ("eddsa_encodepoint: Failed to get affine coordinates\n");
+ return GPG_ERR_INTERNAL;
+ }
+ return eddsa_encode_x_y (x, y, minlen, r_buffer, r_buflen);
+}
+
/* Decode the EdDSA style encoded PK and set it into RESULT. LEN is
the expected length in bytes of the encoded key and CTX the usual
curve context. If R_ENCPK is not NULL, the encoded PK is stored at
- that address; this is a new copy to be release by the caller. In
- contrast to the supplied PK, this is not an MPI and thus guarnteed
+ that address; this is a new copy to be released by the caller. In
+ contrast to the supplied PK, this is not an MPI and thus guarnateed
to be properly padded. R_ENCPKLEN received the length of that
encoded key. */
static gpg_err_code_t
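Review bot: The comment rewritten at the end of this hunk still carries a typo: `guarnteed` became `guarnateed` rather than `guaranteed`, and `R_ENCPKLEN received the length` should read `R_ENCPKLEN receives the length`. The comment added in the last hunk of this file (`it is not reliable possible`) should likewise read `it is not reliably possible`. eddsa_decodepoint's signature and body continue past this hunk.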
@@ -648,6 +659,7 @@ eddsa_decodepoint (gcry_mpi_t pk, unsigned int len, mpi_ec_t ctx,
mpi_point_t result,
unsigned char **r_encpk, unsigned int *r_encpklen)
{
+ gpg_err_code_t rc;
unsigned char *rawmpi;
unsigned int rawmpilen;
gcry_mpi_t yy, t, x, p1, p2, p3;
@@ -655,12 +667,50 @@ eddsa_decodepoint (gcry_mpi_t pk, unsigned int len, mpi_ec_t ctx,
if (mpi_is_opaque (pk))
{
- const void *buf;
+ const unsigned char *buf;
buf = gcry_mpi_get_opaque (pk, &rawmpilen);
if (!buf)
return GPG_ERR_INV_OBJ;
rawmpilen = (rawmpilen + 7)/8;
+
+ /* First check whether the public key has been given in standard
+ uncompressed format. No need to recover x in this case.
+ Detection is easy: The size of the buffer will be odd and the
+ first byte be 0x04. */
+ if (rawmpilen > 1 && buf[0] == 0x04 && (rawmpilen%2))
+ {
+ gcry_mpi_t y;
+
+ rc = gcry_mpi_scan (&x, GCRYMPI_FMT_STD,
+ buf+1, (rawmpilen-1)/2, NULL);
+ if (rc)
+ return rc;
+ rc = gcry_mpi_scan (&y, GCRYMPI_FMT_STD,
+ buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL);
+ if (rc)
+ {
+ mpi_free (x);
+ return rc;
+ }
+
+ if (r_encpk)
+ {
+ rc = eddsa_encode_x_y (x, y, len, r_encpk, r_encpklen);
+ if (rc)
+ {
+ mpi_free (x);
+ mpi_free (y);
+ return rc;
+ }
+ }
+ mpi_snatch (result->x, x);
+ mpi_snatch (result->y, y);
+ mpi_set_ui (result->z, 1);
+ return 0;
+ }
+
+ /* EdDSA compressed point. */
rawmpi = gcry_malloc (rawmpilen? rawmpilen:1);
if (!rawmpi)
return gpg_err_code_from_syserror ();
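Review bot: The uncompressed branch never checks the buffer against LEN, so any odd-length opaque MPI longer than one byte that starts with 0x04 is accepted and `(rawmpilen-1)/2` silently becomes the coordinate width; if each coordinate is meant to be LEN bytes, the guard should be `if (rawmpilen == 2*len+1 && buf[0] == 0x04)`. Unlike the compressed path below, which recovers x from y and so yields a point on the curve by construction, this branch takes x and y as given and snatches them into RESULT without reducing them or checking that they satisfy the curve equation, so unless a caller validates the point afterwards a malformed key is used as-is. GCRYMPI_FMT_STD is the signed (two's complement) format; GCRYMPI_FMT_USG states the intent for raw unsigned coordinates and avoids the leading byte's top bit being interpreted as a sign, should a curve ever produce one. eddsa_decodepoint continues past this hunk.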
@@ -669,6 +719,9 @@ eddsa_decodepoint (gcry_mpi_t pk, unsigned int len, mpi_ec_t ctx,
}
else
{
+ /* Note: Without using an opaque MPI it is not reliable possible
+ to find out whether the public key has been given in
+ uncompressed format. Thus we expect EdDSA format here. */
rawmpi = _gcry_mpi_get_buffer (pk, len, &rawmpilen, NULL);
if (!rawmpi)
return gpg_err_code_from_syserror ();
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
index f816fda..0a6ae14 100644
--- a/tests/t-ed25519.c
+++ b/tests/t-ed25519.c
@@ -32,7 +32,7 @@
#include "stopwatch.h"
#define PGM "t-ed25519"
-#define N_TESTS 1024
+#define N_TESTS 1025
#define my_isascii(c) (!((c) & 0x80))
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
@@ -460,7 +460,9 @@ check_ed25519 (void)
xfree (sig);
if (ntests != N_TESTS)
- fail ("did %d tests but expected %s", ntests, N_TESTS);
+ fail ("did %d tests but expected %d", ntests, N_TESTS);
+ else if ((ntests % 256))
+ show_note ("%d tests done\n", ntests);
fclose (fp);
xfree (fname);
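Review bot: The `256` in `else if ((ntests % 256))` is an unexplained magic number; presumably a progress note is emitted every 256 tests elsewhere in check_ed25519 and this prints the final count only when that did not just happen, but nothing in the hunk says so. A one-line comment such as `/* Print the final count unless the periodic progress note just did. */` would make the intent clear, or the 256 could share a named constant with that progress code. check_ed25519 begins before this hunk.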
diff --git a/tests/t-ed25519.inp b/tests/t-ed25519.inp
index 5da0d6e..61387c4 100644
--- a/tests/t-ed25519.inp
+++ b/tests/t-ed25519.inp
@@ -2,13 +2,14 @@
# This has been taken from
# http://ed25519.cr.yp.to/python/sign.input
# which distributed them as public domain.
-# For our use converted using this schript:
+# For our use converted using this script:
# awk -F: 'BEGIN {n=1} { print "TST: " n; n++; \
# print "SK: " substr($1,0,64); print "PK: " $2;\
# print "MSG: " $3; print "SIG: " substr($4,0,128); print ""}'
#
# The PK appended to the SK and the MSG appended to the SIG have been
-# stripped.
+# stripped. A few additional tests have been added to the 1024
+# original tests.
TST: 1
SK: 9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
@@ -6153,3 +6154,11 @@ SK: f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5
PK: 278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e
MSG: 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
SIG: 0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03
+
+# Now an additional test with the data from test 1 but using an
+# uncompressed public key.
+TST: 1025
+SK: 9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
+PK: 0455d0e09a2b9d34292297e08d60d0f620c513d47253187c24b12786bd777645ce1a5107f7681a02af2523a6daf372e10e3a0764c9d3fe4bd5b70ab18201985ad7
+MSG:
+SIG: e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b
-----------------------------------------------------------------------
Summary of changes:
cipher/ecc.c | 85 +++++++++++++++++++++++++++++++++++++++++---------
tests/t-ed25519.c | 6 ++-
tests/t-ed25519.inp | 13 ++++++-
3 files changed, 84 insertions(+), 20 deletions(-)